Several REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks. A malicious site opened in the same browser as the archiva site, may send an HTML response that performs arbitrary actions on archiva services, with the same rights as the active archiva session (e.g. administrator rights).
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2017-05-22T18:00:00

Updated: 2024-08-05T15:11:48.764Z

Reserved: 2017-01-29T00:00:00

Link: CVE-2017-5657

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-05-22T18:29:00.177

Modified: 2024-11-21T03:28:07.440

Link: CVE-2017-5657

cve-icon Redhat

No data.